Monitor CPU resource utilization using Splunk App for Infrastructure
You can create an alert to notify you when your CPU.system is running at a high level. For example, you can create an alert for when a server is running at 100% of CPU.system utilization. This could be affecting the performance of server, and degrading application delivery and user experience.
Problem: Too many duplicated processes and threads are running at the same time, due to a bug in a patch that was deployed. The server is running at 100% of CPU.system utilization.
Resolution: Set up an alert to issue a warning when the average CPU.system utilization is greater than 89 percent.
Admin privileges required to configure and manage alerts.
Step 1: Investigate the entity for which you want to set an alert
- Click the Investigate tab to display a list of your entities.
- Click the entity for which you want to set an alert and drilldown to the Analysis Workspace
Step 2: Select the metric to set the alert
- On the Analysis Workspace, click the Metrics tab.
- Select cpu > system. A new chart displays.
Step 3: Save the chart as an alert
- In the chart, click the ... and select Create Alert. This launches the Create Alert dialog.
Step 4: Configure the alert
- Name: The alert is automatically given an alert name. Change the name if desired, following the character requirements.
- Entity title: The entity or group name is displayed.
- Metric: The type of metric selected for the chart, along with data analysis information.
- Trigger Actions: Enter a critical threshold for a value
greater than 89. You can click + Add New Threshold to add a lower warning threshold.
- Click + Alert Notification to configure notifications for the alert.
- Notify if: Select to notify a recipient if the alert severity improves, degrades, or either.
- via: Select the method to receive an alert.
- Depending on the alert method, enter the email address or webhook that will receive any notifications for the alert.
- Click Submit.
Step 5: Display alerts as a chart in the Analysis Workspace
- Click the Alerts tab to display the created alert.
- Click the alert from the list to display the alert as a chart. This allows you to monitor the alert in the main panel view. When an alert triggers, the icon and chart displays the alert color, and alert details display in the right Analysis panel.
Step 6: View triggered alerts from the Alerts List View
You can view your most recent triggered alerts from the Alerts List View.
- Click Alerts in the menu bar at the top of the user interface.
- Click an entity or group to view more details about the alert in the right slide-out panel. The following screen shows akron.usa.com
You now have an alert that will notify you by email if your entity's cpu.system reaches 89% or more.
Monitor CPU usage using Splunk App for Infrastructure
Using the Infrastructure Overview in Splunk App for Infrastructure
This documentation applies to the following versions of Splunk® App for Infrastructure (Legacy): 1.3.0, 1.3.1, 1.4.0, 1.4.1, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.0, 2.1.1 Cloud only, 2.2.0 Cloud only, 2.2.1, 2.2.3 Cloud only, 2.2.4, 2.2.5